Historically, every cellular device, such as a mobile phone, smartphone, or any other mobile terminal which is configured for communicating over a cellular radio access network, such as Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), or Long-Term Evolution (LTE), has been equipped with a removable Universal Integrated Circuit Card (UICC). The UICC is a smart card defined in ETSI TR 102 216. It typically contains a number of applications, in particular the Subscriber Identity Module (SIM) application for use in GSM networks and the Universal SIM (USIM) for use in UMTS and LTE networks. The SIM and USIM store the International Mobile Subscriber Identity (IMSI) and one or more keys, or shared secrets, for deriving keys used for identifying and authenticating subscribers on mobile networks and for services provided by these networks.
Recently, the GSM Association (GSMA) has published specifications for a non-removable UICC, referred to as the embedded UICC or plainly eUICC. The eUICC contains an eSIM application, and the terms non-removable SIM, embedded SIM, and eSIM, are often used synonymously. The eUICC and its embedded SIM have the same functionality as the traditional UICC with its SIM and USIM, but the eUICC has a different form factor and is typically designed to be permanently soldered into a mobile terminal, rather than being removable. The eUICC is a smart card, similar to the UICC, i.e., an electronic device comprising embedded electronic circuits, such as a processor and memory.
Examples of usage areas for which eUICCs play a critical role ranges from traditional Machine-to-Machine (M2M) services, such as utility and automotive services, to usage in connected consumer electronics.
Important use-cases for the above areas include, e.g., when a mobile terminal comprising a eUICC gets provisioned for the first time with its first commercial operator, i.e., a Mobile Network Operator (MNO). This process is commonly denoted as “bootstrapping” or “provisioning of first operational profile”. Other use-cases are, e.g., a “change of operator profile”, i.e., when operator credentials on an eUICC are changed from a current commercial operator to a new commercial operator. As a further example, use-cases may also include “subscription transfer”, i.e., when the Operator credentials residing on a current eUICC are transferred to a new eUICC.
In order to carry out the above use-cases Over The Air (OTA), i.e., without physically accessing the mobile terminal, in contrast to today's manually procedure which involves physically swapping the UICC, the GSMA has specified the roles of the Subscription Manager-Data Preparation (SM-DP) entity and the Subscription Manager-Secure Router (SM-SR) entity, for instance in GSMA Embedded SIM Remote Provisioning Architecture, Version 1.1, 17 Dec. 2013, and GSMA Remote Provisioning Architecture for Embedded UICC, Technical Specification, Version 1.0, 17 Dec. 2013.
The remote subscription management eco-system is characterized by a number of different SM-SR and SM-DP actors, and many times the SM-SR and SM-DP services are offered by same juridical person or entity. Nevertheless, the rationale of having the two different roles is, among Others, to invite new actors into the eco-system. For instance, SM-DP services may be offered by eUICC manufacturers also referred to as the Embedded UICC Manufacturers (EUM). Further, SM-SR services may, e.g., be offered by established Original Equipment Manufacturers (OEM).
Manufacturers of devices which are configured for communicating over cellular mobile networks need to have a business relation, directly or indirectly, with one or many EUMs as well as SM-DP actors, which many times are the same juridical person, though not always.
Discussions are ongoing to agree upon a common profile format/package that makes it possible for any SM-DP actor which complies with GSMA certification and accreditation specifications to download an operator profile onto an eUICC card which also complies with GSMA certification and accreditation specifications.
However, it may still be desirable for an MNO to be able to integrate several different SM-DP actors, for example, for specific vendor proprietary extensions, and for keeping existing business relationships and processes intact.
Today's standards do not give any guidance as to how to connect a specific eUICC, having a unique eUICC-ID, or EID, to more than one SM-DP.